Beispiel #1
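def _prompt_scanner_details(root, tag, label):
    """Return the login details for one scanner, or None when it is disabled.

    Looks up the <tag> element under ``root``; when its 'enabled' attribute is
    '1', reads host and username from the XML and prompts the operator for
    the password. The result is a dict with keys 'uname', 'passwd', 'host'.
    """
    from getpass import getpass  # local import keeps the block self-contained

    scanner = root.find(tag)
    if scanner.get('enabled') != '1':
        return None

    host = scanner.find('host').text
    username = scanner.find('username').text
    if host is None or username is None:
        xml_error(label + " data missing in scanner_details.xml")
    print(label + " host@:" + host)
    # getpass does not echo what is typed, so the scanner password stays out
    # of the terminal and its scrollback (input() would display it).
    usr_passwd = getpass("Please enter your password for  " + label + ": ")
    return {'uname': username, 'passwd': usr_passwd, 'host': host}


def access_request_handler():
    """Run the access request against every scanner enabled in scanner_details.xml.

    Reads the access request, then handles Nessus, Nexpose and Qualys in that
    order. The status text of each enabled scanner is collected and written
    out once through Utilities.write_to_file. Errors are reported through
    Utilities.printException; nothing is returned.
    """
    access_details = readAccessReq()  # Reading the Access Request
    if access_details is None:
        # readAccessReq is defined elsewhere; a None result is treated as a
        # failed read, so no password is requested and no scanner is contacted.
        Utilities.printException("In fun access_request_handler(): access request could not be read")
        return
    try:
        root = parse('scanner_details.xml').getroot()  # Reading the Scanner Details
        # One entry per enabled scanner. A list avoids the unbound `msg`
        # the original hit whenever Nessus was disabled.
        report = []

        nessus_details = _prompt_scanner_details(root, 'nessus', 'Nessus')
        if nessus_details is not None:
            Utilities.printLog("Executing Nessus tasks")
            nessusObj = nes.Nessus(nessus_details)  # Create Nessus scanner class obj
            # Login | Add User | Logout
            result = nessusObj.handleAccessReq(access_details, nessus_details)
            report.append(result if result is not None else "Nessus: no result returned")

        nexpose_details = _prompt_scanner_details(root, 'nexpose', 'Nexpose')
        if nexpose_details is not None:
            Utilities.printLog("Executing Nexpose tasks")
            nexposeObj = nex.Nexpose(nexpose_details)  # Create Nexpose scanner class obj
            # Login | SaveSite | Add User | Logout
            result = nexposeObj.handleAccessReq(access_details, nexpose_details)
            report.append(result if result is not None else "Nexpose: no result returned")

        qualys_details = _prompt_scanner_details(root, 'qualys', 'Qualys')
        if qualys_details is not None:
            Utilities.printLog("Executing Qualys tasks")
            qualysObj = qua.Qualys(qualys_details)  # Create Qualys scanner class obj
            # Login | Add Asset | Add Asset Grp | Add User
            qualysObj.handleAccessReq(access_details, qualys_details)
            report.append("Qualys\nDetails send to email.")

        if report:
            # NOTE(review): the scanner messages may carry the usernames and
            # passwords of the accounts just created - confirm write_to_file
            # stores them somewhere with restricted access.
            Utilities.write_to_file("\n".join(report))
    except Exception as e:
        Utilities.printException("In fun access_request_handler():" + str(e))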
Beispiel #2
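def readAccessReq():
    """Read access_request.xml and return the access request as a dict.

    The dict has the keys 'userList' (list of "uname,name,email" strings),
    'ip' (comma-separated string of the <ip> values), 'site_name' and
    'site_desc'. On any failure the error is reported through
    Utilities.printException and None is returned.
    """
    try:
        root = parse('access_request.xml').getroot()

        usrlst = []
        for child in root.findall('user'):
            # findtext gives None for a missing element instead of raising
            # AttributeError, so an incomplete <user> gets the specific message.
            fields = [child.findtext(tag) for tag in ('uname', 'name', 'email')]
            if any(not value for value in fields):
                xml_error("Data missing in access_request.xml")
                # xml_error is defined elsewhere; if it returns, still refuse
                # to build a partial record.
                raise ValueError("Data missing in access_request.xml")
            # The record is comma-joined and split on ',' again by its
            # consumers, so a comma inside a field would shift username,
            # name and email into the wrong slots.
            if any(',' in value for value in fields):
                raise ValueError("user fields must not contain ','")
            usrlst.append(','.join(fields))

        asst_det = root.find('asset_details')
        site_det = root.find('site')
        if asst_det is None or site_det is None:
            raise ValueError("asset_details or site element missing")
        site_name = site_det.get('name')
        site_desc = site_det.get('desc')

        # NOTE(review): the <ip> values are passed on as written; they decide
        # which assets the new accounts can reach, so this file should only be
        # writable by whoever approves access requests.
        ips = []
        for ipchild in asst_det.findall('ip'):
            if not ipchild.text:
                xml_error("IP missing in access_request.xml")
                raise ValueError("IP missing in access_request.xml")
            ips.append(ipchild.text)

        return {
            'userList': usrlst,
            'ip': ','.join(ips).strip(','),
            'site_name': site_name,
            'site_desc': site_desc
        }
    except Exception as e:
        Utilities.printException("Error with access_request.xml." + str(e))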
Beispiel #3
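def readAccessReq():
    """Read access_request.xml and return the access request as a dict.

    The dict has the keys 'userList' (list of "uname,name,email" strings),
    'ip' (comma-separated string of the <ip> values), 'site_name' and
    'site_desc'. On any failure the error is reported through
    Utilities.printException and None is returned.
    """
    try:
        root = parse('access_request.xml').getroot()

        usrlst = []
        for child in root.findall('user'):
            # findtext gives None for a missing element instead of raising
            # AttributeError, so an incomplete <user> gets the specific message.
            fields = [child.findtext(tag) for tag in ('uname', 'name', 'email')]
            if any(not value for value in fields):
                xml_error("Data missing in access_request.xml")
                # xml_error is defined elsewhere; if it returns, still refuse
                # to build a partial record.
                raise ValueError("Data missing in access_request.xml")
            # The record is comma-joined and split on ',' again by its
            # consumers, so a comma inside a field would shift username,
            # name and email into the wrong slots.
            if any(',' in value for value in fields):
                raise ValueError("user fields must not contain ','")
            usrlst.append(','.join(fields))

        asst_det = root.find('asset_details')
        site_det = root.find('site')
        if asst_det is None or site_det is None:
            raise ValueError("asset_details or site element missing")
        site_name = site_det.get('name')
        site_desc = site_det.get('desc')

        # NOTE(review): the <ip> values are passed on as written; they decide
        # which assets the new accounts can reach, so this file should only be
        # writable by whoever approves access requests.
        ips = []
        for ipchild in asst_det.findall('ip'):
            if not ipchild.text:
                xml_error("IP missing in access_request.xml")
                raise ValueError("IP missing in access_request.xml")
            ips.append(ipchild.text)

        return {'userList': usrlst, 'ip': ','.join(ips).strip(','), 'site_name': site_name, 'site_desc': site_desc}
    except Exception as e:
        Utilities.printException("Error with access_request.xml." + str(e))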
Beispiel #4
    def create_user(self, access_req):
        """Create one local scanner account per entry in access_req['userList'].

        Each entry is a "uname,name,email" string. For every entry a password
        is generated, a JSON payload is sent to <nessus_host>/users through
        self.makeRequest, and self.status_code is inspected afterwards.

        Returns False as soon as a 403 or 409 status is seen, which also stops
        processing of the remaining users. Exceptions are reported through
        Utilities.printException, after which the method returns None. The
        success return value is not visible here (see the note on the masked
        line below).
        """
        try:
            # Create User
            create_user_URL = self.nessus_host + "/users"
            usrLst = access_req['userList']
            for user in usrLst:
                # Relies on none of the three fields containing a comma;
                # otherwise name/email end up in the wrong payload slots.
                userinfo = user.split(',')  # uname,name,email
                # NOTE(review): gen_code is defined elsewhere - confirm it draws
                # from a CSPRNG (e.g. the secrets module), since this becomes
                # the account's initial password.
                pswd = Utilities.gen_code()
                # NOTE(review): '32' is presumably the scanner's role level for
                # the new account - confirm it is the lowest role that works.
                payload = {'username': userinfo[0], 'password': pswd, 'permissions': '32',
                           'name': userinfo[1], 'email': userinfo[2], 'type': 'local'}
                response = self.makeRequest(create_user_URL, json.dumps(payload), self.headers)
                json_rep = json.loads(response.decode("utf-8"))
                # print(json_rep)
                # NOTE(review): the listing site masked parts of the next
                # statement (the ****** runs). As shown it is not valid Python:
                # the rest of the success branch and the start of the branch
                # that prints "Invalid field request" are missing. The visible
                # fragments suggest the generated password is appended to a
                # message in clear text - restore from the original project and
                # confirm where that message is stored.
                if self.status_code == 200:
                    Utilities.printSuccess("Created user: "******"Nessus\nUsername:"******"\nPassword:"******"User creation Failure: Invalid field request")
                    return False
                if self.status_code == 403:
                    Utilities.printError("User creation Failure: No permission to create a user")
                    return False
                if self.status_code == 409:
                    Utilities.printError("User creation Failure: Duplicate username")
                    return False

        except Exception as e:
            # Reported only; the caller sees None rather than an exception.
            Utilities.printException(str(e))
Beispiel #5
 def __init__(self, scanner_info):
     """Remember the scanner host and set the initial request state.

     scanner_info must provide a 'host' entry. A failure (for example a
     missing key) is reported through Utilities.printException and leaves
     the instance without the attributes assigned below.
     """
     try:
         # NOTE(review): the host is used as given; credentials are later
         # sent to it, so confirm the configured value is an https URL.
         host = scanner_info['host']
         self.nessus_host = host
         self.headers = {'Content-Type': 'application/json'}
         self.login_try, self.message = 0, ""
     except Exception as err:
         Utilities.printException(str(err))
Beispiel #6
 def __init__(self, scanner_info):
     """Remember the scanner host and set the initial request state.

     scanner_info must provide a 'host' entry. A failure (for example a
     missing key) is reported through Utilities.printException and leaves
     the instance without the attributes assigned below.
     """
     try:
         # NOTE(review): the host is used as given; credentials are later
         # sent to it, so confirm the configured value is an https URL.
         host = scanner_info['host']
         self.nessus_host = host
         self.headers = {'Content-Type': 'application/json'}
         self.login_try, self.message = 0, ""
     except Exception as err:
         Utilities.printException(str(err))
Beispiel #7
 def __init__(self, scanner_info):
     """Remember the Nexpose host, derive the API URL and reset request state.

     scanner_info must provide a 'host' entry. A failure (for example a
     missing key) is reported through Utilities.printException and leaves
     the instance without the attributes assigned below.
     """
     try:
         # NOTE(review): the host is used as given; credentials are later
         # sent to it, so confirm the configured value is an https URL.
         host = scanner_info['host']
         self.nexpose_host = host
         self.reqURL = self.nexpose_host + "/api/1.1/xml"
         self.headers = {'Content-Type': 'text/xml'}
         self.login_try, self.msg = 0, ""
     except Exception as err:
         Utilities.printException(str(err))
Beispiel #8
 def __init__(self, scanner_info):
     """Remember the Nexpose host, derive the API URL and reset request state.

     scanner_info must provide a 'host' entry. A failure (for example a
     missing key) is reported through Utilities.printException and leaves
     the instance without the attributes assigned below.
     """
     try:
         # NOTE(review): the host is used as given; credentials are later
         # sent to it, so confirm the configured value is an https URL.
         host = scanner_info['host']
         self.nexpose_host = host
         self.reqURL = self.nexpose_host + "/api/1.1/xml"
         self.headers = {'Content-Type': 'text/xml'}
         self.login_try, self.msg = 0, ""
     except Exception as err:
         Utilities.printException(str(err))
Beispiel #9
 def handleAccessReq(self, access_req, scanner_info):
     """Run the access request steps in order, stopping at the first failure.

     Calls add_asset, then add_asset_grp, then add_user, each with
     access_req; a falsy result from one step skips the steps after it.
     scanner_info is accepted but not used. Always returns None; exceptions
     are reported through Utilities.printException.
     """
     try:
         if not self.add_asset(access_req):
             return
         if not self.add_asset_grp(access_req):
             return
         self.add_user(access_req)
         # self.logout_user()
     except Exception as err:
         Utilities.printException(str(err))
Beispiel #10
 def handleAccessReq(self, access_req, scanner_info):
     """Run the access request steps in order, stopping at the first failure.

     Calls add_asset, then add_asset_grp, then add_user, each with
     access_req; a falsy result from one step skips the steps after it.
     scanner_info is accepted but not used. Always returns None; exceptions
     are reported through Utilities.printException.
     """
     try:
         if not self.add_asset(access_req):
             return
         if not self.add_asset_grp(access_req):
             return
         self.add_user(access_req)
         # self.logout_user()
     except Exception as err:
         Utilities.printException(str(err))
Beispiel #11
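 def handleAccessReq(self, access_req, scanner_info):
     """Log in, create the requested users, log out, and return a status text.

     Returns self.message when create_user reports success, otherwise the
     string "Nessus user creation failed" - including when the login fails
     or an exception is raised, so callers always get a string to report.
     """
     try:
         # Start from "failed": the original left this name unbound when the
         # login did not succeed, which surfaced as an UnboundLocalError.
         create_user_status = False
         if self.login_nessus(scanner_info):
             try:
                 create_user_status = self.create_user(access_req)
             finally:
                 # Always end the authenticated session, even if user
                 # creation raised.
                 self.logout_user()
         if create_user_status:
             # NOTE(review): self.message is built elsewhere and may contain
             # the new accounts' credentials - treat the return value as secret.
             return self.message
         return "Nessus user creation failed"
     except Exception as e:
         Utilities.printException(str(e))
         return "Nessus user creation failed"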
Beispiel #12
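 def logout_user(self):
     """End the scanner session by sending DELETE to <nessus_host>/session.

     The outcome is read from self.status_code after the request
     (presumably set by makeRequest - confirm). Returns None; exceptions are
     reported through Utilities.printException.
     """
     try:
         # destroy the user session
         logoutURL = self.nessus_host + "/session"
         self.makeRequest(logoutURL, {}, self.headers, "DELETE")
         if self.status_code == 200:
             Utilities.printSuccess("Logged out of Nessus Scanner")
         elif self.status_code == 401:
             # A failed logout is an error, not a success message.
             Utilities.printError("Logged out failure: No session exists")
         # NOTE(review): any other status is ignored, so a session that was
         # not destroyed goes unreported - consider logging it.
     except Exception as e:
         Utilities.printException(str(e))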
Beispiel #13
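 def logout_user(self):
     """End the scanner session by sending DELETE to <nessus_host>/session.

     The outcome is read from self.status_code after the request
     (presumably set by makeRequest - confirm). Returns None; exceptions are
     reported through Utilities.printException.
     """
     try:
         # destroy the user session
         logoutURL = self.nessus_host + "/session"
         self.makeRequest(logoutURL, {}, self.headers, "DELETE")
         if self.status_code == 200:
             Utilities.printSuccess("Logged out of Nessus Scanner")
         elif self.status_code == 401:
             # A failed logout is an error, not a success message.
             Utilities.printError("Logged out failure: No session exists")
         # NOTE(review): any other status is ignored, so a session that was
         # not destroyed goes unreported - consider logging it.
     except Exception as e:
         Utilities.printException(str(e))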
Beispiel #14
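 def handleAccessReq(self, access_req, scanner_info):
     """Log in, create the requested users, log out, and return a status text.

     Returns self.message when create_user reports success, otherwise the
     string "Nessus user creation failed" - including when the login fails
     or an exception is raised, so callers always get a string to report.
     """
     try:
         # Start from "failed": the original left this name unbound when the
         # login did not succeed, which surfaced as an UnboundLocalError.
         create_user_status = False
         if self.login_nessus(scanner_info):
             try:
                 create_user_status = self.create_user(access_req)
             finally:
                 # Always end the authenticated session, even if user
                 # creation raised.
                 self.logout_user()
         if create_user_status:
             # NOTE(review): self.message is built elsewhere and may contain
             # the new accounts' credentials - treat the return value as secret.
             return self.message
         return "Nessus user creation failed"
     except Exception as e:
         Utilities.printException(str(e))
         return "Nessus user creation failed"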
Beispiel #15
    def create_user(self, access_req):
        """Create one local scanner account per entry in access_req['userList'].

        Each entry is a "uname,name,email" string. For every entry a password
        is generated, a JSON payload is sent to <nessus_host>/users through
        self.makeRequest, and self.status_code is inspected afterwards.

        Returns False as soon as a 403 or 409 status is seen, which also stops
        processing of the remaining users. Exceptions are reported through
        Utilities.printException, after which the method returns None. The
        success return value is not visible here (see the note on the masked
        line below).
        """
        try:
            # Create User
            create_user_URL = self.nessus_host + "/users"
            usrLst = access_req['userList']
            for user in usrLst:
                # Relies on none of the three fields containing a comma;
                # otherwise name/email end up in the wrong payload slots.
                userinfo = user.split(',')  # uname,name,email
                # NOTE(review): gen_code is defined elsewhere - confirm it draws
                # from a CSPRNG (e.g. the secrets module), since this becomes
                # the account's initial password.
                pswd = Utilities.gen_code()
                # NOTE(review): '32' is presumably the scanner's role level for
                # the new account - confirm it is the lowest role that works.
                payload = {
                    'username': userinfo[0],
                    'password': pswd,
                    'permissions': '32',
                    'name': userinfo[1],
                    'email': userinfo[2],
                    'type': 'local'
                }
                response = self.makeRequest(create_user_URL,
                                            json.dumps(payload), self.headers)
                json_rep = json.loads(response.decode("utf-8"))
                # print(json_rep)
                # NOTE(review): the listing site masked parts of the next
                # statement (the ****** runs). As shown it is not valid Python:
                # the rest of the success branch and the start of the branch
                # that prints "Invalid field request" are missing. The visible
                # fragments suggest the generated password is appended to a
                # message in clear text - restore from the original project and
                # confirm where that message is stored.
                if self.status_code == 200:
                    Utilities.printSuccess("Created user: "******"Nessus\nUsername:"******"\nPassword:"******"User creation Failure: Invalid field request")
                    return False
                if self.status_code == 403:
                    Utilities.printError(
                        "User creation Failure: No permission to create a user"
                    )
                    return False
                if self.status_code == 409:
                    Utilities.printError(
                        "User creation Failure: Duplicate username")
                    return False

        except Exception as e:
            # Reported only; the caller sees None rather than an exception.
            Utilities.printException(str(e))
Beispiel #16
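    def scan(self):
        """Run quick_scan for every <host> element in host_details.xml.

        Reads the account name and password from the first element of the
        file, opens a requests session, calls self.login, then passes the
        first six child values of each <host> to self.quick_scan. Errors are
        reported through Utilities.printException. If a session was opened,
        self.logout is called and the session is closed on the way out.
        """
        s = None  # stays None when we fail before the session exists
        try:
            # read data from config file
            tree = ET.parse('host_details.xml')
            root = tree.getroot()
            # NOTE(review): the scanner password is stored in clear text in
            # host_details.xml - restrict the file's permissions or move the
            # secret to a prompt / secret store.
            username = root[0][0].text
            password = root[0][1].text

            # setup connection
            s = requests.Session()
            s.headers.update({'X-Requested-With': 'Qualys Vuln Api Scan'})
            self.login(s, username, password)

            # scan each host
            for host in root.iter('host'):
                self.quick_scan(s, *(host[i].text for i in range(6)))
        except Exception:
            # str() is required: exc_info holds a type and a tuple, and
            # concatenating those to a str raised a TypeError inside the
            # handler, hiding the real error.
            exc_info = sys.exc_info()
            Utilities.printException("Unexpected error: " + str(exc_info[0]))
            Utilities.printException("sys.exc_info(): " + str(exc_info))
        finally:
            # always log out and close the session - but only if one exists;
            # the original hit a NameError here when parsing failed first.
            if s is not None:
                try:
                    self.logout(s)
                finally:
                    s.close()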
Beispiel #17
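    def scan(self):
        """Run quick_scan for every <host> element in host_details.xml.

        Reads the account name and password from the first element of the
        file, opens a requests session, calls self.login, then passes the
        first six child values of each <host> to self.quick_scan. Errors are
        reported through Utilities.printException. If a session was opened,
        self.logout is called and the session is closed on the way out.
        """
        s = None  # stays None when we fail before the session exists
        try:
            # read data from config file
            tree = ET.parse('host_details.xml')
            root = tree.getroot()
            # NOTE(review): the scanner password is stored in clear text in
            # host_details.xml - restrict the file's permissions or move the
            # secret to a prompt / secret store.
            username = root[0][0].text
            password = root[0][1].text

            # setup connection
            s = requests.Session()
            s.headers.update({'X-Requested-With': 'Qualys Vuln Api Scan'})
            self.login(s, username, password)

            # scan each host
            for host in root.iter('host'):
                self.quick_scan(s, *(host[i].text for i in range(6)))
        except Exception:
            # str() is required: exc_info holds a type and a tuple, and
            # concatenating those to a str raised a TypeError inside the
            # handler, hiding the real error.
            exc_info = sys.exc_info()
            Utilities.printException("Unexpected error: " + str(exc_info[0]))
            Utilities.printException("sys.exc_info(): " + str(exc_info))
        finally:
            # always log out and close the session - but only if one exists;
            # the original hit a NameError here when parsing failed first.
            if s is not None:
                try:
                    self.logout(s)
                finally:
                    s.close()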
Beispiel #18
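def _prompt_scanner_details(root, tag, label):
    """Return the login details for one scanner, or None when it is disabled.

    Looks up the <tag> element under ``root``; when its 'enabled' attribute is
    '1', reads host and username from the XML and prompts the operator for
    the password. The result is a dict with keys 'uname', 'passwd', 'host'.
    """
    from getpass import getpass  # local import keeps the block self-contained

    scanner = root.find(tag)
    if scanner.get('enabled') != '1':
        return None

    host = scanner.find('host').text
    username = scanner.find('username').text
    if host is None or username is None:
        xml_error(label + " data missing in scanner_details.xml")
    print(label + " host@:" + host)
    # getpass does not echo what is typed, so the scanner password stays out
    # of the terminal and its scrollback (input() would display it).
    usr_passwd = getpass("Please enter your password for  " + label + ": ")
    return {'uname': username, 'passwd': usr_passwd, 'host': host}


def access_request_handler():
    """Run the access request against every scanner enabled in scanner_details.xml.

    Reads the access request, then handles Nessus, Nexpose and Qualys in that
    order. The status text of each enabled scanner is collected and written
    out once through Utilities.write_to_file. Errors are reported through
    Utilities.printException; nothing is returned.
    """
    access_details = readAccessReq()  # Reading the Access Request
    if access_details is None:
        # readAccessReq is defined elsewhere; a None result is treated as a
        # failed read, so no password is requested and no scanner is contacted.
        Utilities.printException(
            "In fun access_request_handler(): access request could not be read")
        return
    try:
        root = parse('scanner_details.xml').getroot()  # Reading the Scanner Details
        # One entry per enabled scanner. A list avoids the unbound `msg`
        # the original hit whenever Nessus was disabled.
        report = []

        nessus_details = _prompt_scanner_details(root, 'nessus', 'Nessus')
        if nessus_details is not None:
            Utilities.printLog("Executing Nessus tasks")
            nessusObj = nes.Nessus(nessus_details)  # Create Nessus scanner class obj
            # Login | Add User | Logout
            result = nessusObj.handleAccessReq(access_details, nessus_details)
            report.append(
                result if result is not None else "Nessus: no result returned")

        nexpose_details = _prompt_scanner_details(root, 'nexpose', 'Nexpose')
        if nexpose_details is not None:
            Utilities.printLog("Executing Nexpose tasks")
            nexposeObj = nex.Nexpose(nexpose_details)  # Create Nexpose scanner class obj
            # Login | SaveSite | Add User | Logout
            result = nexposeObj.handleAccessReq(access_details, nexpose_details)
            report.append(
                result if result is not None else "Nexpose: no result returned")

        qualys_details = _prompt_scanner_details(root, 'qualys', 'Qualys')
        if qualys_details is not None:
            Utilities.printLog("Executing Qualys tasks")
            qualysObj = qua.Qualys(qualys_details)  # Create Qualys scanner class obj
            # Login | Add Asset | Add Asset Grp | Add User
            qualysObj.handleAccessReq(access_details, qualys_details)
            report.append("Qualys\nDetails send to email.")

        if report:
            # NOTE(review): the scanner messages may carry the usernames and
            # passwords of the accounts just created - confirm write_to_file
            # stores them somewhere with restricted access.
            Utilities.write_to_file("\n".join(report))
    except Exception as e:
        Utilities.printException("In fun access_request_handler():" + str(e))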